Magento 1 End-of-Life: Protecting Your Website After June 2020

There has been a constant and ever-increasing stream of contact to our sales team over the past few months regarding one topic in particular. Brands want to know about Magento migrations from version 1 to version 2 in time for June’s end-of-life (EOL) deadline. This has shown us there is still a huge demand from retailers needing assistance to move from the aging version of Magento to shiny Magento 2.3, with all its bells, whistles and APIs.

Many presumed that an ‘upgrade’ from M1 to M2 wouldn’t be complicated. As such, some companies have failed to act until the second quarter of 2020 in the hope that agencies would have more time to help them. However, the opposite is true and there has never been more demand for Magento resources than there is right now.

Alongside this, recent events regarding Coronavirus, and the effect they have had on agencies and retailers, mean there is suddenly a perfect storm for those looking to migrate before, or near to, the June deadline.

The truth is, there is now very little probability that anyone running on Magento 1 will be able to migrate to Magento 2 before the close of Q2 2020. So, what does that mean for you? Are you stuck with an unsupportable, un-upgradable, unlovable eCommerce solution for the foreseeable? Not necessarily. But it doesn’t mean you can sit back and relax either.

The reality of Magento 1 in 2020

Magento powers more than 1.5 billion sites around the world, yet the majority of these websites still sit on the Magento 1 platform. So, why aren’t businesses rushing to make the switch?

The global COVID-19 crisis has seen many businesses experience an increase in eCommerce traffic as the world turns online in place of bricks-and-mortar shopping. For many, this rise in online traffic means that now is not the time to undertake a full site migration, leaving their site vulnerable after the June EOL.

Supporting and developing a Magento 1 site beyond June isn’t impossible, but it isn’t going to be easy, or cheap, either. The hardest thing for most businesses to adapt to will be compliance. Magento and many third-party suppliers who have previously certified their solutions as being GDPR, PCI, ISO and all sorts of other TLA-level compliant, are distancing themselves from Magento 1. As such, businesses must take it upon themselves to ensure they remain compliant and, in the event something goes wrong, the responsibility is on them to demonstrate that appropriate measures have been taken to protect their customers from wrongdoing.

Anyone who has been through the process of a full PCI-compliance declaration will tell you that it’s no easy task. There are hundreds of pieces of information required to complete the declaration, and documentation needs reviewing on a regular basis as changes are made to your site. GDPR is equally troublesome, and there are many other regulations if you sell overseas, sell to businesses or perform additional tasks as part of your business.

Coupled with compliance is the issue of ongoing support from extension and add-on providers. Many companies in the Payments and Order Management sectors have already stated that support for Magento 1 integration will cease on or around June 2020. Even if your partners are currently planning on continuing to support existing implementations of their Magento 1 integrations, once June passes and implementations begin dwindling, it won’t be long before they look to drop support.

This will likely prove to be the biggest unknown for companies planning to remain on Magento 1. As soon as a vulnerability is discovered in Magento 1, there will be a rush to fix the core codebase as quickly as possible. As Magento themselves are no longer co-ordinating efforts to release patches, there is the likelihood that multiple fixes will be released, and these may be subtly different. As these fixes accumulate, and the codebase becomes more complicated, we’ll start to see patches which are only compatible with some other versions or previous patches. Suddenly, an already complicated situation becomes ten times harder.

Seeking a tactical solution

In the short term, how does a Magento 1 customer seek to secure themselves during these uncertain times? Agencies will still consider taking on and supporting Magento 1 sites but are likely to attach caveats to any agreement to take responsibility. The alternative of a business taking on support and maintenance of the site themselves is also possible, but it should never be seen as a cost-saving solution, as it will guarantee more cost in the long run.

Upgrade to the latest version

It’s imperative that your site is fully patched up to the latest version of M1 (1.9.4.5 for Open Source, 1.14.4.5 for Commerce) to ensure that any known vulnerabilities have been patched. There are serious holes in older versions of Magento which could give full control of your site and the data within it to malicious third parties.

Assessing your digital estate

Secondly, you should take time to completely understand where you are with your eCommerce solution including what customisations are present, what extensions are being used and what third parties you rely on. If you’re looking for a partner to assist you in this, effective agencies will insist on a full code audit before taking on a new client and some may offer this service even if you’re not looking to migrate to them afterwards. Either way, this will ensure you don’t have anything hidden and can go into the unknown as well informed as possible.
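As a starting point for the two steps above, the following added example (not code from Magento or from any agency tooling) reads the version array from the text of `app/Mage.php`, compares it with the final releases named in this article, and lists the non-core modules declared in an `app/etc/modules/*.xml` file. The sample inputs, the module names `Acme_Payments` and `Shop_Custom`, and the `edition` argument are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Final Magento 1 releases named in the article.
FINAL_RELEASE = {"open_source": (1, 9, 4, 5), "commerce": (1, 14, 4, 5)}

def installed_version(mage_php):
    """Extract (major, minor, revision, patch) from app/Mage.php source text."""
    parts = []
    for key in ("major", "minor", "revision", "patch"):
        match = re.search(r"'%s'\s*=>\s*'(\d+)'" % key, mage_php)
        if match is None:
            raise ValueError("version key not found: %s" % key)
        parts.append(int(match.group(1)))
    return tuple(parts)

def is_final_release(version, edition):
    """True only when the install is at (or past) the last release for its edition."""
    return version >= FINAL_RELEASE[edition]

def third_party_modules(declaration_xml):
    """List (name, code pool, active) for every non-core module declared in
    one app/etc/modules/*.xml file; these are what a code audit must cover."""
    found = []
    for module in ET.fromstring(declaration_xml).findall("./modules/*"):
        pool = (module.findtext("codePool") or "").strip()
        active = (module.findtext("active") or "").strip().lower() == "true"
        if pool != "core":
            found.append((module.tag, pool, active))
    return found

# Constructed sample inputs (not taken from a real store).
SAMPLE_MAGE_PHP = """
    return array(
        'major'     => '1',
        'minor'     => '9',
        'revision'  => '3',
        'patch'     => '10',
    );
"""
SAMPLE_DECLARATION = """<config><modules>
  <Mage_Catalog><active>true</active><codePool>core</codePool></Mage_Catalog>
  <Acme_Payments><active>true</active><codePool>community</codePool></Acme_Payments>
  <Shop_Custom><active>false</active><codePool>local</codePool></Shop_Custom>
</modules></config>"""

if __name__ == "__main__":
    version = installed_version(SAMPLE_MAGE_PHP)
    print(version, "final release:", is_final_release(version, "open_source"))
    for name, pool, active in third_party_modules(SAMPLE_DECLARATION):
        print(name, pool, "active" if active else "disabled")
```

The version tuple only reflects the installed release; security patches applied on top of an older release do not change it and need to be checked separately.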

Preparing for the worst

Securing your website post EOL will be tricky but, should the worst happen, it is essential for businesses to have a backup plan to help recover their website. We have recommended to all our clients still on Magento 1 to implement Sucuri as a website security platform. Sucuri provides tiered solution plans tailored to your business’ needs. There is a monthly fee, but the benefits far outweigh this and it also provides peace of mind knowing their team can work with you to recover and clean up your site in the event of a hack.

Planning for the future

Next, you need to have a future strategy in place for your online business. Magento 1 is over 12 years old, and while you might not expect to move away from it in the coming months, there will come a time when you have to move onto something else.

Set yourself a clear and definitive measure for when that will be. It could be a limit to the amount of downtime you’re experiencing per month, or the average page load speed slowing down to a particular point. Or it may be a case of defining your new features and developments for the upcoming 12 months to see how many of them are already present in the latest version of Magento 2.

Once you have defined this, you should be in a position to put in place the measures required to support your site past June 2020. Whether you’re seeking an in-house developer or an agency to help you, you need to engage with them ASAP.

Investing in your business

Businesses have had several years to take action on Magento 1 EOL, yet some are only now considering what to do next. If eCommerce and digital are significant to your business, it’s time to consider your priorities and understand whether you are underinvesting in, or under-prioritising, your eCommerce platform.

Your website is the foundation of everything you do online, and yet the prospect of investing in a new solution which will last another five to seven years seems to fill some brands with dread. Business plans should demonstrate that this investment pays for itself over a fraction of the platform’s lifetime, and the opportunities for further growth, cost saving and operational efficiencies are countless.